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APPENDIX OF CLAIMS 

16. A portable data carrier capable of authentication by means of biometric 
data, comprising a memory in which at least two sets of biometric reference data are 
stored, and wherein the different sets of reference data are generated from biometric 
data of a biometric feature using different algorithms. 

17. A terminal for authentication by means of biometric data comprising a 
sensor arranged to detect at least one biometric feature, an 1/0 device for 
transferring data, and a control and data processing unit which is arranged to convert 
biometric data from the sensor which were derived from the at least one detected 
biometric feature into comparative data by an algorithm, wherein at least two 
different algorithms are used to convert said biometric data from the sensor into said 
comparative data. 

18. A biometric authentication device comprising: 

a portable data carrier capable of authentication by means of biometric 
data comprising a memory in which at least two sets of biometric reference data are 
stored, and wherein the different sets of reference data are generated from biometric 
data of a biometric feature using different algorithms; 

a terminal for authentication by means of biometric data comprising a 
sensor arranged to detect at least one biometric feature, an I/O device for 
transferring data, and a control and data processing unit which is arranged to convert 
biometric data from the sensor which were derived from the at least one detected 
biometric feature into comparative data by an algorithm, wherein at least two 
different algorithms are used to convert said biometric data from the sensor Into 
comparative data; 

wherein said reference data are transferred by the I/O device from the 
data carrier to the terminal, and 
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wherein the control and data processing unit are arranged to check the 
reference data for a match with the comparative data. 

19. The authentication device according to claim 18, wherein the comparative 
data are transferred by the I/O device from the terminal to the data carrier; and 

the data carrier includes a control and data processing unit arranged 
to check the reference data for a match with the comparative data. 

20. The authentication device according to claim 18, wherein the portable 
data carrier is a smart card. 

21. The authentication device according to claim 18, wherein the sets of 
reference data and the algorithms used for generating the sets of comparative data 
have a characteristic identification, and wherein reference data and comparative data 
with the same identification are checked. 

22. The authentication device according to claim 1 8, wherein the at least one 
detected biometric feature is selected from the group consisting of iris, retina, face, 
speech, fingerprints and a signature including the writing dynamics determined 
during signing. 

23. A method for authentication by means of biometric data comprising the 

steps: 

deriving and storing several reference data from biometric data of at 
least one biometric feature using different algorithms; 
detecting biometric data; 

converting the detected biometric data into comparative data by an 
algorithm; and 
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comparing the stored reference data with the converted comparative 
data for an authentication. 

24. The method according to claim 23, wherein the step of converting 
detected biometric data into comparative data is carried out by using at least two 
different algorithms. 

25. The method according to claim 23, wherein the reference data and/or 

0 comparative data or the algorithms generating them have an identification, and only 
1i the stored reference data are compared with converted comparative data which have 
^ the same identification or only comparative data are converted from the detected 
ii'i biometric data by the algorithm which has the same identification. 

1 26. The method according to claim 23, wherein the at least one biometric 
ll feature is selected from the group consisting of iris, retina, face, speech, fingerprints 

and a signature including the writing dynamics determined during signing. 

27. The method according to claim 23, wherein several different sets of 
reference data are derived and stored, and several different sets of comparative data 
have been converted from detected biometric data, and wherein the several different 
sets of reference data are compared with the several different sets of comparative 
data for authentication. 

28. The method according to claim 27, wherein the different sets of reference 
data and the different sets of comparative data are derived and converted from 
biometric data of the same kind which have been converted by different algorithms. 
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29. The method according to claim 27, wherein the conversion of the different 
sets of reference data and comparative data starts out from different biometric data 
which have been converted by the same or by different algorithms. 

30. The method according to claim 27, wherein upon comparison of several 
different sets of reference data with several different sets of comparative data, the 
authentication is decided positively if the majority of comparisons are positive. 

31. A terminal according to claim 17, wherein the at least one biometric 
feature is selected from the group consisting of iris, retina, face, speech, fingerprints 
and a signature including the writing dynamics determined during signing. 

32. A portable data carrier according to claim 16, wherein the portable data 
carrier is a smart card. 

33. A portable data carrier according to claim 16, wherein the biometric 
feature is selected from the group consisting of iris, retina, face, speech, fingerprints 
and a signature including the writing dynamics determined during signing. 
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Devices and method for biometric authentication 



The present invention relates to devices and a method for biometric authentica- 
tion by means of reference data stored in a memory of a portable data carrier. 

Devices and methods for biometric authentication are known and include e.g. 
the evaluation of unique features such as retina, iris, speech, facial features, finger- 
prints, signatures with detection of the dynamics during signing, etc. Known meth- 
ods for biometric authentication have been hitherto limited in their spread above all 
by the high prices for the sensors used for detecting the biometric features. However, 
new developments have made sensors available, e.g. fingerprint sensors made of 
semiconductor materials, which allow cost-effective realizations. 

For biometric authentication methods to make their final breakthrough with re- 
spect to more widespread use, however, there is a need for standardized generation 
of reference data or standardization of the reference data for the particular biometric 
features used for authentication. Different suppliers of methods and devices for 
biometric authentication have hitherto used algorithms for generating the reference 
data which normally lead to different reference data which are not interchangeable. 
This limits the employability of biometric methods to the supplier's particular sys- 
tem. 



The problem of the present invention is therefore to provide devices and a 
method for biometric authentication which are universally employable and not lim- 
ited to a certain system. 

This problem is solved by the features of the independent claims. 

The invention starts out from the consideration that the storage of several sets 
of biometric reference data increases the likelihood of the evaluation of at least one 
set of stored biometric reference data being possible, so that the desired system- 
independent authentication is attained. This permits the desired wide spread of 
biometric authentication. 

Another embodiment of the invention involves the advantage that higher secu- 
rity of authentication is guaranteed by checking several of the stored sets of 
biometric data during authentication. 



Further advantages of the invention will result from the following description 
of an example with reference to figures, and the dependent claims. 

Figure 1 shows a system for carrying out the inventive method, 

Figure 2 shows a component of the system shown in Figure 1. 

The biometric authentication system shown in Figure 1 has portable data carrier 
1 introduced into input/output device 2 (I/O device) connected with control and data 
processing unit 3. Control and data processing unit 3 furthermore has connected 
thereto sensor 4 for detecting biometric features. Furthermore, control and data proc- 
essing unit 3 may be provided with a keyboard, display and connection to a back- 
ground data system, such as a telephone connection or network connection. The lat- 
ter elements are not shown in Figure 1 because they are not of importance for under- 
standing the present invention. The totality of I/O device 2, data processing unit 3 
and sensor 4 is usually referred to as a terminal. I/O device 2, data processing unit 3 
and sensor 4 can form one structural unit. 

Sensor 4 can detect for example biometric features of the eye, e.g. the iris, as 
shown. As described above, however, it is also possible to use sensors which detect 
any other biometric data. Control and data processing unit 3 can be formed for ex- 
ample by microcomputer 3 having in particular memory 3 a with at least one non- 
volatile area. Data carrier 1 used can be formed for exaniple by a smart card having 
chip \a with a contact bank. Alternatively, one can use contactless smart card 1 with 
accordingly designed I/O device 2. Via the contact bank I/O device 2 makes a con- 
nection to the circuit components contained in chip la of smart card 1 which will be 
described in more detail below. Instead of a smart card, portable data carrier 1 can 
also be realized by an optical, magnetic or other suitable storage medium or a com- 
bination of storage media. In this case I/O device 2 must be formed accordingly to be 
able to read the stored data. To simplify the description of the biometric authentica- 
tion system, however, a smart card will be assumed as portable data carrier 1 in the 
following by way of example. 

To start up the system, smart card 1 is introduced into I/O device 2 and sensor 4 
determines biometric features of the user to whom smart card 1 is to be assigned. 



The data of the detected biometric features are transferred by I/O device 2 to micro- 
computer 3 and processed there. A set of reference data is generated from the 
biometric features or data. The reference data are transferred by microcomputer 3 to 
I/O device 2, which is also suitable for writing data, and transferred from I/O device 
2 to smart card 1 . 

For processing the biometric data and generating the set of reference data at 
least one corresponding algorithm, which is known in the art, is stored in memory 3 a 
of microcomputer 3. In order to make several sets of reference data available in 
smart card 1, several different algorithms for generating reference data can be pres- 
ent in microcomputer 3, It is likewise possible for the user to perform an initializa- 
tion on different terminals 2, 3, 4, comprising I/O device 2, microcomputer 3 and 
sensor 4, by which reference data are generated from the biometric features or data 
detected by sensor 4 by different algorithms. Different terminals 2, 3, 4 can be lo- 
cated for example with different suppliers of applications for smart card 1 . Applica- 
tions refers in this case to areas of use of smart card 1, such as a bank card for mak- 
ing payments, a door opener card for an access system, a key card for an encryption 
system, etc. For unique identification of the different sets of reference data or the 
algorithms generating them, each set of reference data can have added thereto a 
unique identification which designates the algorithm used for generating the set of 
reference data, for example in the form of a header preceding the set of reference 
data. The header can contain for example the name of the person who produces the 
algorithm used or offers it for use. 

Figure 2 shows a more detailed view of chip la of smart card 1 . Chip la has 
interface 10 for I/O device 2 shown in Figure 1, which can be for example of con- 
tact-type or contactless design. Such contactless or contact-type smart cards or I/O 
devices are known. Interface 10 is connected with signal conditioning unit 1 1 which 
conditions the data transferred via interface 10 both for transmission and for recep- 
tion. Signal conditioning unit 1 1 is connected with controller 12 (which can be 
formed by a microcomputer) to which memory 13 is connected. At least one area of 
memory 12 is formed as a nonvolatile memory. 



As described above, the determined sets of reference data are transferred by I/O 
device 2 to smart card 1. They are transferred via interface 10 and signal condition- 
ing unit 1 1 to microcomputer 12 which stores them in areas provided in the non- 
volatile part of memory 13. The different sets of reference data can be identified by 
means of the above-described headers which are likewise stored in the nonvolatile 
area of memory 13, 

Upon data exchange between smart card 1 and terminal 2, 3, 4 the legitimacy 
of data exchange of smart card 1 and/or terminal 2, 3, 4 is usually checked. Data ex- 
change itself can be effected in encrypted form. Methods both for encryption and for 
checking the legitimacy of terminal and/or smart card are known and need not be 
described in detail here since they are not important in connection with the present 
invention. 

Memory 13 of smart card 1 contains after start-up several different sets of ref- 
erence data for the evaluated biometric feature, for example reference data of the iris 
of the smart card user. When the smart card user wants to activate one of the appli- 
cations of the smart card, he inserts his smart card 1 into I/O device 2 of terminal 2, 
3, 4 which may be constructed like terminal 2, 3, 4 shown in Figure 1 and has the 
features described above in connection with the initialization of smart card 1. The 
biometric features or data detected by sensor 4 of terminal 2, 3, 4 are converted by at 
least one algorithm stored in terminal 2, 3, 4 into at least one set of comparative data. 
Smart card 1 reads the sets of reference data present there in memory 13 by means of 
I/O device 2 and compares them with at least one set of the comparative data gener- 
ated from the biometric features or data detected by sensor 2. If a match within the 
tolerance range of the algorithm used for comparison is ascertained between a set of 
reference data stored in memory 13 of smart card 1 and at least one set of compara- 
tive data generated in terminal 2, 3, 4, smart card 1 is enabled for the particular de- 
sired application. 

Since the possibly necessary check of all existing sets of reference data in smart 
card 1 with all sets of comparative data available in terminal 2, 3, 4 is elaborate, use 
can be made of the above-described headers. Smart card 1 thus transfers a header 




together with the set of biometric reference data to indicate the algorithm used for 
generating the corresponding set of reference data. In terminal 2, 3, 4 the same algo- 
rithm is then used for generating the comparative data from the biometric data of the 
sensor. It is likewise possible that at the request of terminal 2, 3, 4 a set of reference 
data generated by a certain algorithm is transferred by smart card 1 to terminal 2, 3, 
4. The corresponding algorithm is then also used in terminal 2, 3, 4 for generating 
the comparative data from the biometric data of sensor 4. To facilitate use it may be 
provided that identifications are added to terminal 2, 3, 4 and to smart card 1 to des- 
ignate the particular existing sets of reference data and comparative data or algo- 
rithms. This makes it immediately apparent to the user whether an identified terminal 
can at least evaluate one set of reference data existing on his smart card. 

Besides the above-described comparison of the reference data with the com- 
parative data in microcomputer 3 of terminal 2, 3, 4, it is also possible to perform the * 
comparison by means of microcomputer 12 of smart card 1 . 

To increase the security of the employed check of biometric data, it may be 
provided that several different sets of reference data and comparative data are used 
for the authentication check. That is, at least two sets of reference data and compara- 
tive data generated by different algorithms are evaluated. For this purpose the 
biometric data detected by sensor 4 in terminal 2, 3, 4 are converted by microcom- 
puter 3 into different sets of comparative data by different algorithms and compared 
with the sets of reference data from memory 13 of smart card 1, In the process there 
can be a sequential check of all sets of reference data stored in memory 13 with each 
set of comparative data, as described above, until a match with the sets of reference 
data to be checked is determined. By the above-described use of headers the corre- 
sponding sets of reference data can also be directly accessed. 

In a modification it is possible to decide authentication positively if for exam- 
ple in case of three checked sets of reference data and comparative data a match was 
ascertained for two sets of reference data and comparative data. 

In another modification it is possible that the different sets of reference data 
and comparative data are generated from the data of different biometric features, e.g. 



iris and retina or fingerprint and iris, etc. In this case accordingly suitable sensors 
must be present. Additionally, different algorithms can also be applied to the differ- 
ent biometric data in this case. 
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Claims 

1 . A portable data carrier (1) for authentication by means of biometric data having 
a memory (13) in which biometric reference data are stored, characterized in 
that at least two sets of reference data are stored, the different sets of reference 
data being generated from the biometric data by different algorithms. 

2. A terminal (2,3,4) for authentication by means of biometric data having a sen- 
sor (4) for detecting biometric features, an I/O device (2) for transferring data, 
and a control and data processing unit (3) which converts biometric data from 
the sensor (4) which were derived from the detected biometric features into 
comparative data by an algorithm, characterized in that at least two different 
algorithms are used to convert the biometric data from the sensor (4) into com- 
parative data. 

3. A portable data carrier (1) and a terminal (2,3,4) according to claims 1 and 2, 
characterized in that the reference data are transferred by the I/O device (2) 
from the data carrier (1) to the terminal (2,3,4), and the control and data proc- 
essing unit (3) checks the reference data for a match with the comparative data. 

4. A portable data carrier (1) and a terminal (2,3,4) according to claims 1 and 2, 
characterized in that the comparative data are transferred by the I/O device (2) 
from the terminal (2,3,4) to the data carrier (1), the data carrier (1) having a 
control and data processing unit (12) which checks the reference data for a 
match with the comparative data, 

5. A portable data carrier (1) according to claim 1 or claim 3 or 4, characterized in 
that the portable data carrier (1) is a smart card. 

6. A portable data carrier (1) or a terminal (2,3,4) according to claims 1 or 2 or 
any of claims 3 to 5, characterized in that the sets of reference data and the al- 
gorithms used for generating the sets of comparative data have a characteristic 
identification, and reference data and comparative data with the same identifi- 
cation are checked. 

7. A portable data carrigr (1) or a terminal (2,3,4) according to claims 1 or 2 or 
any of claims 3 to 6, characterized in that the biometric features are iris, retina. 




face, speech, fingerprints or a signature and the writing dynamics determined 
during signing. 

8. A method for authentication by means of biometric data wherein 

several reference data derived from the biometric data by different algorithms 
are stored, 

biometric data are detected, 

the detected biometric data are converted into comparative data by an algo- 
rithm, and 

the stored reference data are compared with the converted comparative data for 
^2 authentication. 

|i 9. A method according to claim 8, characterized in that the detected biometric 

111 data are converted into comparative data by at least two different algorithms. 

IjJ 10. A method according to claim 8 or 9, characterized in that the reference data 

'^"^ and/or comparative data or the algorithms generating them have an identifica- 

[Sv tion, and only the stored reference data are compared with converted conopara- 

tive data which have the same identification or only comparative data are con- 
C3 verted from the detected biometric data by the algorithm which has the same 

identification. 

11. A method according to any of claims 8 to 10, characterized in that the 
biometric features are iris, retina, face, speech, fingerprints or a signature and 
the writing dynamics determined during signing, 

12. A method according to any of claims 8 to 1 1, characterized in that several dif- 
ferent sets of reference data are compared with several different sets of com- 
parative data for authentication. 

13. A method according to claim 12, characterized in that the conversion of the 
different sets of reference data and comparative data starts out from biometric 
data of the same kind which are converted by different algorithms. 

14. A method according to claim 12, characterized in that the conversion of the 
different sets of reference data and comparative data starts out from different 
biometric data which are converted by the same or by different algorithms. 



A method according to any of claims 12 to 14, characterized in that upon com- 
parison of several different sets of reference data with several different sets of 
comparative data the authentication is decided positively if the majority of 
comparisons is positive. 
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^application(s) designatmg The United States of America listed below and, insofar as the subject matter of each of the claims of this application is 
'^^Jnot disclosed in that^those prior application(s) in the manner provided by the first paragraph of Title 35, United States Code, §112, 1 acknowledge 
ilSthe duty to disclose information which is material to patentability as defined in Title 37, Code of Federal Regulations, 56" which became 
ava ilable between the filing date of the prior appiication(s) and the national or PCT intemational filing date of this application: 



Application Number 



Filing Date 



Status - Patented, Pending or 
Abandoned 



\ Q Additional US/PCT Priority AppHcation(s) listed on Following Page(s) 

^ 1 hereby declare that all statements made herein of my own knowledge are true and that all statements made on information and belief 

are believed to be true; and further that these statements were made with the knowledge that willful false statements and the like so made are 
punishable by fine or imprisonment, or both, under section 1001 of title 18 of the United States Code and that such willful false statements may 
jeopardize the validity of the application or any patent issued thereon. 

POWER OF ATTORNEY; I (We) hereby appoint as my (our) attorneys, with full powers of substitution and revocation, to prosecute 
this application and transact all business in the Patent and Trademark Office connected therewith: J. Ernest Kenney, Reg. N o. 19.179 : Eugene 
Mar, Reg. N o. 25,893 : Richard E. Fichter, Reg. N o. 26382; T homas J. Moore, Reg. I Sfo. 28.974 : Joseph DeBenedictis, Reg. No . 2S.502l 
Benjamin E. Urcia, Reg. No. 33S05\ and 

l(we) authorize my(our) attorneys to accept and follow instructions fro m Klunker Schmitt-Nilson Hirsch regarding any matter related 

to the preparation, examination, grant and maintenance of this application, any continuation, continuation-in-part or divisional based thereon, and 
any patent resulting therefrom, until I(we) or my(our) assigns withdraw this authorization in writing. 
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625 Slaters Lane - 4*'' Floor 
Alexandria, VA 22314-1176 
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(703) 683-0500 
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Post Office Address is the same as Residence Address unless 
otherwise shown below 
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Germany 
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Post Office Address is the same as Residence Address unless otherwise 
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Robert MULLER 


CiTIZENSHIP 

Germany 
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Hansjakobstrasse 80, D-81673 Miinchen, Germany 2^£Q^ 


Post Office Address is the same as Residence Address unless otherwise 
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